Before adding and sharing your Fraud Alert please check to see if a similar alert has already been posted, thank you:


Beware that ‘how to get data’ file may hide GPCODE Ransomware

Fraud Alert:

A new form of ransomware has made an appearance called “GPCODE Ransomware”

It dumps a text file called “how to get data” which infects and locks all files.

how to get data ransomware

GPCODE Ransomware infects your PC via:

  • Malicious URLs.
  • Malicious e-mail attachments.

Since this particular ransomware also known as the JOKE virus is reported to infect servers which have Citrix environment. GPCODE is also reported to spread and encrypt shared files between the devices in the network. This is why one compromised computer by GPCODE is a risk to the whole network.

Regarding the files it aims to encrypt, GPCODE is oriented towards as many commonly used file extensions as possible.

It uses the .LOL file extension after it encrypts the data, for example: Text Document.txt.LOL

A copy of the note left behind is below:

GPCODE Ransomware